What is CVE-2019-14271?

CVE-2019-14271 is a vulnerability in N/a. Published 2019-07-29.

Is CVE-2019-14271 known to be exploited?

40 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-14271

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

EPSS: 0.719 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/moby/moby/issues/39449 (x_refsource_MISC)
docs.docker.com/engine/release-notes/ (x_refsource_CONFIRM)
security.netapp.com/advisory/ntap-20190828-0003/ (x_refsource_CONFIRM)
openSUSE-SU-2019:2021 (vendor-advisory, x_refsource_SUSE)
DSA-4521 (vendor-advisory, x_refsource_DEBIAN)
20190910 [SECURITY] [DSA 4521-1] docker.io security update (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2019-14271?: CVE-2019-14271 is a vulnerability in N/a. Published 2019-07-29.
Is CVE-2019-14271 known to be exploited?: 40 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.